2.5 Years in Jail for Planting 'Logic Bomb' 303
cweditor writes "A former Medco Health systems administrator was sentenced to 30 months in federal prison and ordered to pay $81,200 in restitution for planting a logic bomb on a network that held customer health care information. The code was designed to delete almost all information on about 70 company servers. This may be longest federal prison sentence for trying to damage a corporate computer system, although Yung-Hsun Lin faced a maximum of 10 years." How long before the disgruntled sysadmin replaces the disgruntled postal worker in the zeitgeist?
meatspace (Score:3, Interesting)
Re:Disgruntled sysadmins? (Score:4, Interesting)
Your plan sounds good in theory, but unfortunately, it rarely works in practice. Distinct separation of duties and powers requires a great deal of discipline on the organization. It took an act of congress to force get public companies, and in particular, the executive board, to take responsibility over accounting practices.
Besides, little ot todays software lets you seperate duties in a meaningful way or to require double authorization for critical actions.
2 1/2 years is a light sentence compared to the damage this guy could do. Thankfully, most sysadmins are honest ethical people.
wow, that's harsh (Score:5, Interesting)
I've heard some tales of the disgruntled from back in the day. The most common "I quit" sabotage was taking the reel-to-reel's from the library and dumping them in a sink with water. But the worst worst worst one I heard of, one that could even be an urban legend because of how evil it is, it was the revenge of an angry admin who wanted the company to pay dearly for the evils visited upon him. He sets up this program that doesn't run until several months after he leaves the company. Note, this is back in the days of tapes and computer operators who worked the night shift and moved the tapes from one drive to another, 1970-somethings. Anyway, what his program did was step through EVERY tape in the library. He shuffled it in a random order so nobody would become suspicious. The operator just follows the prompting on his terminal, never the wiser. By the time the sequence is complete, every tape has been erased. As the story goes, the company had no offsite backups and was ruined.
Revenge fantasies are fun but seriously, a job is a job. If you go out in a blaze of glory at one, it will make finding the next one a lot more difficult, especially with a felony on your record. But I guess if he was thinking clearly we wouldn't be reading about this in the first place.
life-threatening? (Score:4, Interesting)
Liebermann noted that if the bomb had taken down Medco's network, people using a Medco prescription card would not have been able to fill any new prescriptions. "That could be very serious, maybe even life-threatening, depending on the need for that medication," Liebermann said.
"""
So what happens when they have a network failure for some other reason? Bad hardware, power outage, building fire, comet impact...
Re:meatspace (Score:4, Interesting)
Flight control hacking
Railway tracks control
Time bombs in firmware of cars (in all cars of given model, after given date, once the speed is over 60mph, disable brakes and force power steering all the way to the left)
huge chemical industry factory manufacturing systems
municipal gas networks
oil pipelines control
Nuclear power plants
halon dump release system firmware
top secret strategical plans posted to usenet
military devices control systems
Nice work if you can get it (Score:5, Interesting)
So he figures, oh, it's a logic bomb, and not being terribly intrigued by it enough to study it, he just kicked up the number to push the deadline back by a century and left it at that.
Three or four days after the bomb was set to go off, they got a phone call from the guy asking if they had any work for him.
Re:Let's face it (Score:4, Interesting)
But I agree with you, I was a CS graduate that decided to head for the Network Engineering/Sys Admin field because the work was more interesting to me. Not saying that dev work isn't interesting, it is just not my cup o tea.
Every once in a while I consider heading back to dev work when I get tired of everyone watching every thing I do and having an opinion on it. Devs seem to have the enigma feel in the departments I have worked in. No one really knows what they do on an hour by hour basis except for their peers, they get to test things before they are live and if they make a mistake it is just considered standard debugging. Whereas as a Sysadmin, if someone's e-mail gets routed to junk mail you get put on the most wanted list for months.
Re:meatspace (Score:1, Interesting)
But they don't. What they do instead is implement hasher security protocols intended to prevent the employees from going postal. In the process spending as much, if not more than they would have making them happy. And stressing them further.
Modern management practices are astoundingly fascist, and saying "it's the same everywhere" is no excuse. It should be cause for alarm.
My sympathy is with the guy who tried to crash them. If there is one single person in an organization that gets routinely shit on, crash the whole thing. Screw 'em.
Re:Dead man switch (Score:3, Interesting)
What is interesting, perhaps even mind boggling, is that it appears that he hadn't lost his job. When his birthday rolled around in 2004 and the logic bomb didn't fire due to the bug, he was able to apply a fix and reset it for his birthday in 2005! You'd think that he wouldn't want to be around when it went off.